[overlord-issues] [JBoss JIRA] (SRAMP-384) Add validation for password in overlord commons installer

David virgil naranjo (JIRA) issues at jboss.org
Tue Apr 22 09:40:33 EDT 2014 

    [ https://issues.jboss.org/browse/SRAMP-384?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12963024#comment-12963024 ] 

David virgil naranjo commented on SRAMP-384:
--------------------------------------------

The implementation I have started and almost finish is this:

Create a custom Ant task that using the System.console() ask the user for the password/confirming password and try to call the AddUser Jboss Main method. If there is any exception then the program display the message and ask for password again:
- Password Validation Exception
- User already inserted
...

Here I found a problem. We need a Ant Local JBOSS_HOME environment variable:
- Inside of the code of jboss-as-domain-management jar, it uses this environment variable to read where is the instance of Jboss AS.
I took several looks to google and there is no way to set a not durable environment variable.

In Ant the only way to modify the env variable is throw the Java Ant task. But using the Java Ant task the System.console() is not available... also I checked this.

Then I thought to create the loop that I did in Java using something similar in the ant build, but there is not a tag do/while in Ant.

Any suggestion?

                
> Add validation for password in overlord commons installer
> ---------------------------------------------------------
>
>                 Key: SRAMP-384
>                 URL: https://issues.jboss.org/browse/SRAMP-384
>             Project: S-RAMP
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>            Reporter: Eric Wittmann
>            Assignee: David virgil naranjo
>             Fix For: 0.5.0 - API Management
>
>
> Currently the overlord commons installer is responsible for doing all security related work.  This includes creating the overlord 'admin' user and configured a password for this user.  The installer prompts the user for this password and then passes whatever the user entered to the JBoss EAP add-user utility.  This utility will fail if the password does not meet certain standards.  However, the utility fails without failing the overall install.
> The installer should do its own validation of the password entered by the user so that this silent failure doesn't happen.  Also note that the password input and validation should happen before anything else security related gets installed.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the overlord-issues mailing list